Introduction to Security
In general, security is “the quality or state of being secure—to be free from danger.” In other words, protection against adversaries, from those who would do harm, intentionally or otherwise, is the overall objective. Security matters to software development companies, including those in India, as much as to any other organization that handles valuable information.
A successful organization should have the following multiple layers of security in place to protect its operations:
i. Physical security: To protect physical items, objects, or areas from unauthorized access and misuse
ii. Personnel security: To protect the individual or group of individuals who are authorized to access the organization and its operations
iii. Operations security: To protect the details of a particular operation or series of activities
iv. Communications security: To protect communications media, technology, and content
v. Network security: To protect networking components, connections, and contents
vi. Information security: To preserve the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved by the application of policy, education, training and awareness, and technology
Information Security
Information security protects information (and the facilities and systems that store, use and transmit it) from a wide range of threats, in order to preserve its value to an organization. Information security has received growing attention in software development companies, including those in India.
There are two important characteristics of information that determine its value to an organization:
1. The scarcity of the information outside the organization;
2. The shareability of the information within the organization, or some part of it.
Key Information Security Concepts
The following concepts need to be understood before going further with information security:
1. Access: A subject or object’s ability to use, manipulate, modify, update or affect another subject or object. Authorized users have legitimate access to a system, whereas attackers gain unauthorized access to a system. Access controls regulate this ability.
2. Asset: The organizational resource that is
being protected. An asset can be logical, such as a Web site, information, or
data; or an asset can be physical, such as a person, computer system, or other
tangible object.
3. Attack: An
intentional or unintentional act that can cause damage to or otherwise
compromise information and/or the systems that support it. Attacks can be
active or passive, intentional or unintentional, and direct or indirect.
4. Control, Safeguard, or Countermeasure: Security
mechanisms, policies, or procedures that can successfully counter attacks,
reduce risk, resolve vulnerabilities, and otherwise improve the security within
an organization.
5. Exploit: A technique used to compromise a
system. Threat agents may attempt to exploit a system or other information
asset by using it illegally for their personal gain. Or, an exploit can be a
documented process to take advantage of a vulnerability or exposure, usually in
software, that is either inherent in the software or is created by the
attacker.
6. Loss: A
single instance of an information asset suffering damage or unintended or
unauthorized modification or disclosure. When an organization’s information is
stolen, it has suffered a loss.
7. Risk: The probability that something unwanted will happen. Organizations must reduce risk to match their risk appetite, that is, the quantity and nature of risk the organization is willing to accept.
8. Subjects and Objects: A computer can be either the subject of an attack—an agent entity used to conduct the attack—or the object of an attack—the target entity.
9. Threat: A
category of objects, persons, or other entities that presents a danger to an asset.
Threats are always present and can be purposeful or undirected.
10. Threat Agent: The
specific instance or a component of a threat.
11. Vulnerability: A weakness or flaw in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door.
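The glossary terms above fit together in working code. The following Python is an added example, not part of the original post: subjects (users or processes) request actions on objects (here, named files), an access control (an access-control list) mediates that access and records each decision in an audit log, and an object with no policy entry plays the role of the "unprotected system port" vulnerability. All subjects, roles, objects and permissions are constructed sample data, and the `fail_open` switch exists only to show why a control must deny by default.

```python
# Added example (not from the original post). Models access, subject/object,
# control and vulnerability from the glossary above. All names, roles and
# objects below are constructed sample data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Permission = str  # "read", "write" or "delete"


@dataclass(frozen=True)
class Subject:
    """An active entity (user or process) that requests access to objects."""
    name: str
    roles: FrozenSet[str]


# The control: object name -> role -> permissions that role holds on it.
# Constructed for the example; a real system would load this from a store.
ACL: Dict[str, Dict[str, FrozenSet[Permission]]] = {
    "payroll.db": {
        "hr": frozenset({"read", "write"}),
        "auditor": frozenset({"read"}),
    },
    "public/site.html": {
        "anyone": frozenset({"read"}),
        "webmaster": frozenset({"read", "write", "delete"}),
    },
}

# Audit trail of every decision: (subject, object, action, "allow"/"deny").
AUDIT_LOG: List[Tuple[str, str, str, str]] = []


def check_access(subject: Subject, obj: str, action: Permission,
                 acl: Dict[str, Dict[str, FrozenSet[Permission]]] = ACL,
                 fail_open: bool = False) -> bool:
    """Return True only if some role of `subject` grants `action` on `obj`.

    Every subject implicitly holds the "anyone" role. `fail_open=True`
    reproduces the vulnerability of an unprotected object: anything with no
    policy entry is allowed. The safe default is to deny (fail closed).
    """
    policy = acl.get(obj)
    if policy is None:
        decision = fail_open
    else:
        decision = any(action in policy.get(role, frozenset())
                       for role in subject.roles | {"anyone"})
    AUDIT_LOG.append((subject.name, obj, action,
                      "allow" if decision else "deny"))
    return decision


def find_unprotected(objects: List[str],
                     acl: Dict[str, Dict[str, FrozenSet[Permission]]] = ACL
                     ) -> List[str]:
    """List assets in the inventory with no ACL entry: the 'unlocked doors'."""
    return [o for o in objects if o not in acl]


if __name__ == "__main__":
    alice = Subject("alice", frozenset({"hr"}))
    mallory = Subject("mallory", frozenset())  # no roles: an unauthorized subject
    inventory = ["payroll.db", "public/site.html", "backup/payroll.bak"]

    print(check_access(alice, "payroll.db", "write"))           # True
    print(check_access(mallory, "payroll.db", "read"))          # False
    print(check_access(mallory, "public/site.html", "read"))    # True ("anyone")
    print(check_access(mallory, "backup/payroll.bak", "read"))  # False: fail closed
    # The vulnerability: a fail-open control exposes the unprotected backup.
    print(check_access(mallory, "backup/payroll.bak", "read", fail_open=True))  # True
    print(find_unprotected(inventory))  # ['backup/payroll.bak']
    for entry in AUDIT_LOG:
        print(entry)
```

The practitioner's check here is `find_unprotected`: an asset inventory compared against the policy finds objects the control never covers, and `check_access` denies those by default so that an incomplete policy is a denial of service to legitimate users rather than a disclosure to attackers.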
Conclusion: Information is the lifeblood of every successful and profitable organization, IT companies in India included, and so everyone within an organization should be aware of the concepts described above.